Category Archives: Cyber War

Brazil/Olympics Under Islamic State Threat

Posted on by

Brazil threat

 

TRAC: South America has not historically been considered a high priority target for Islamic State for reasons ranging from practical to ideological. It has instead been used for remote finance and small-scale recruitment operations by Shia groups and IS’ predecessor, al-Qaeda. It would appear, however, that Islamic State has recognized that political and economic turmoil in countries like Brazil, Venezuela, and Mexico have presented opportunity in the Western Hemisphere.

A sample of recent activity documented by TRAC includes:

Image: A map of the particularly vulnerable border region referred to as the Triple Frontier.

All of this activity, combined with the backdrop of border insecurity at the Triple Frontier, IS recruitment in Mexico, and an active cell in São Paulo present terrorists with copious soft targets in South America, highlighted by the 2016 Olympics.

*****

Threat Assessment

Based on the information currently available, the threat of an IS-directed attack on the Olympics remains low, though the possibility of an IS-inspired small scale assault always looms. Preventing such an attack will rely on security arrangements at the venue, hotels, and transportation facilities where crime has already been listed as a high risk concern.

Never a High Priority Target

South America has not historically been considered a high priority target for Islamic State or other Sunni jihadist groups for many reasons, ranging from the practical to the ideological. Unlike many European nations, some of whom have a long history of interests in in the Middle East, South American countries are not typically viewed by Sunni militants as potent allies of the US. Instead, Brazil (among others) has served as a place to base remote finance and small-scale recruitment operations.

Outside Historical Caliphate Lands

Central and South America are not part of the lands claimed by historic Islamic conquest and thus fall outside the scope of Islamic State’s ideological priority of extending the Caliphate to the lands that at one time or another were considered belonging to the Umma. (Even the world maps created for Islamic State propaganda don’t bother to identify South America.)

New Focus on Portuguese & Spanish Speakers

This de-emphasis of targets south of the US may be coming to an end, however, on the part of Islamic State. ISIS has recognized the importance of shifting focus from its loses and struggles to new frontiers and opening linguistic doors to recruitment candidates. Following the 11/13 Paris Attacks a tweet attributed to Maxime Hauchard named Brazil as “our next target,” although TRAC has not been able to find a primary source record of this threat. In Spring 2016, Dabiq announced ISIS’ desire to proselytize Mayas with an “anti-colonial” message. Additionally, the approaching 2016 Olympics present an opportunity for Islamic State focus its narrative in a South American nation where it has already seen some support: Brazil.

Images: Jihadi Jean Luc identified as Steve Duarte. A Luxemburger of Portuguese descent, Duarte was featured in major Islamic State video release as a French-Speaking executioner.  In the video he refers to Andalusia and its Muslim cities, threatening Spain.  For More on (Video) Islamic State : Filtering Apostates – Five Simultaneous Executions Featuring French Speaking Executioner Wilayat Nineveh

Political Context

  • In the final week of February 2016, Brazil’s legislature approved a controversial anti-terrorism law after months of debate.
  • President Rousseff signed to enact the law in the final week of March 2016.
  • Allows for sentences of 12-30 years.
  • Opponents consider it a tool for restraining and silencing Brazil’s political dissident movements.
  • With Brazil’s corruption rankings plummeting and successful Olympics on the line, there is reason to believe some in power seek to silence opposition groups.
  • The law’s advocates, however, seek not only to avoid sanction but to have additional tools ready to combat global jihad.
  • Specific wording: “the practice by one or more individuals of acts for the reason of xenophobia, discrimination or prejudice of race, color, ethnic group or religion with the aim to generate social or generalized terror, endangering people, assets, the public peace or safety.”
  • Israeli officials heralded the law citing years of exploitation of Brazil by Iran and Iranian proxy Hezbollah

Recruitment of Portuguese Speakers

Islamic State Messaging

On 03 June 2016 Telegram IS affiliated channel “Online Dawah Operations” shared a general post in English calling for Spanish and Portuguese speakers:

Reads: “Dear brothers and sisters, we are in need of brothers and sisters who can speak either Portuguese or Spanish to help us on our project in’shaa Allah. If you speak one of those languages and you are willing to join our translation team please Wickr me: ismailbrazili.”

Islamic State Nashir channel in Portuguese appeared on Telegram 29 May 2016:

Five days before Islamic State member Ismail Brazili called for Portuguese speakers on a general Telegram channel, a Nashir Portuguese channel appeared on Telegram. It was created 29 May 2016 but did not make its first post until 02 June 2016.  Though the posts are merely reprints of the main Nashir Arabic Channel,  its important to recognize the out-reach to get news from IS controlled areas and IS Wilayats to Portuguese speakers.

Important Hashtags

Islamic State relies on hashtags to spread news on both Telegram and Twitter.  In almost all the Portuguese Telegram posts the following hashtags are used to spread the propaganda:

#ReportagemFotográfica
#EstadoIslâmico
#CalifadoPT

Plus the hashtag of the specific Wilayat that is being propagated.

Examples of Portuguese claims of credit

Posted 19 June 2016

Posted 20 June 2016

Posed 08 June 2016

The red over blue claims of credit (as well as light blue over darker blue) are very typical of traditional Islamic State claims, however the Portuguese are slightly different:  the Wilayat appears to the left (opposed to the right) and each are marked “Urgente” which the Islamic State does not print on the claims of credit in Arabic or other languages.

Former GITMO detainee latest Lebanese immigrant to raise alarm in Brazil

The announcement that former Guantanamo detainee Jihad Ahmed Mustafa Dhiab may have legally traveled to Brazil has recently recast Brazil into the spotlight for concerns of jihadist activity. After being transferred to Uruguay in December 2014, Dhiab — whose mother is Argentine –reportedly attempted to travel legally to Brazil, but was denied entrance, according to the statement of an official in Uruguay. Contrary to these reports, another official responsible for working with the Uruguay resettlement, Christian Mirza, said Dhiab traveled legally first to Argentina (in 2015) and then to Brazil, but that his whereabouts are unknown. Dhiab also apparently walks with crutches as a result of poor health, making an undocumented, illegal border crossing more difficult, but not impossible with assistance. On the other hand, Uruguay did not agree to the US request to retain for two years the six resettled detainees.

 Jihad Ahmed Mustafa Dhiab.

Dhiab is not the fist Lebanese Sunni to make headlines in Brazil. A suspected ISIS-finance cell associated with an Egyptian jihadist in São Paulo has been profiled by TRAC and is available here:

Islamic State Brazil : São Paulo Cell — (Islamic State / ISIS) — CELL PROFILE

In an operation called Menzad, 18 search warrants were issued to halt the Alameddine family’s fraudulent activity in money transfers suspected of supporting ISIS. It included the arrest of Egyptian Hesham Eltrabily, accused by Egypt of involvement in the 1997 Luxor Massacre.

Khaled Hussein Ali is yet another Lebanese transplant to Brazil of great concern in light of Islamic State’s growing influence. Although his affiliation with Al Qaeda reaches high into the organization, it is likely that his role in spreading propaganda and operating internet cafes in Vila Matilde has created fallow ground for Islamic State’s message in São Paulo and beyond.

Border Security and Soft Targets Concern

Border security has long been problematic for Brazil and its neighbors dealing with drug trafficking and militias. Additionally, the Rio Olympics present copious soft target opportunities for jihadist and other groups. Below are a map of the particularly vulnerable border region referred to as the Triple Frontier:

This area is relatively under-policed and concerns are that exploitation by Sunni jihadists would create fall-out with the Shia community, whose large mosques dot the Brazilian border facing Paraguay.

Russian Hackers Also Hit the Clinton Foundation

Posted on by

So, global adversaries came to understand early that much of the covert and diplomatic work and connections by Hillary Clinton during her term as senator and later as Secretary of State was going on in a dual location, meaning the Clinton Foundation and the U.S. State Department. So….let the hacking begin, and they did.

Now there is a question: Are there more than one servers? Evidence speaks to the answer, YES. See this item from Forbes where there are clues.

 

Records reveal that Hillary Clinton’s private clintonemail.com server shared an IP address with her husband Bill Clinton’s email server, presidentclinton.com, and both servers were housed in New York City, not in the basement of the Clintons’ Chappaqua, New York home.

Web archives show that the Presidentclinton.com Web address was being operated by the Clinton Foundation as of 2009, when Hillary Clinton registered her own clintonemail.com server.

Numerous Clinton Foundation employees used the presidentclinton.com server for their own email addresses, which means that they were using email accounts that, if hacked, would have given any hacker complete access to Hillary Clinton’s State Department emails, as well. More here.

Clinton Foundation Said to Be Breached by Russian Hackers

Bloomberg: The Bill, Hillary and Chelsea Clinton Foundation was among the organizations breached by suspected Russian hackers in a dragnet of the U.S. political apparatus ahead of the November election, according to three people familiar with the matter.

The attacks on the foundation’s network, as well as those of the Democratic Party and Hillary Clinton’s presidential campaign, compound concerns about her digital security even as the FBI continues to investigate her use of a personal e-mail server while she was secretary of state.

A spokesman for the foundation, Brian Cookstra, said he wasn’t aware of any breach. The compromise of the foundation’s computers was first identified by government investigators as recently as last week, the people familiar with the matter said. Agents monitor servers used by hackers to communicate with their targets, giving them a back channel view of attacks, often even before the victims detect them.

For a primer on recent cyber intrusions, click here.

Before the Democratic National Committee disclosed a major computer breach last week, U.S. officials informed both political parties and the presidential campaigns of Clinton, Donald Trump and Bernie Sanders that sophisticated hackers were attempting to penetrate their computers, according to a person familiar with the government investigation into the attacks.

The hackers in fact sought data from at least 4,000 individuals associated with U.S. politics — party aides, advisers, lawyers and foundations — for about seven months through mid-May, according to another person familiar with the investigations.

Thousands of Documents

The thefts set the stage for what could be a Washington remake of the public shaming that shook Sony in 2014, when thousands of inflammatory internal e-mails filled with gossip about world leaders and Hollywood stars were made public. Donor information and opposition research on Trump purportedly stolen from the Democratic Party has surfaced online, and the culprit has threatened to publish thousands more documents.

A hacker or group of hackers calling themselves Guccifer 2.0 posted another trove of documents purportedly from the DNC on Tuesday, including what they said was a list of donors who had made large contributions to the Clinton Foundation.

The Republican Party and the Trump campaign have been mostly silent on the computer attacks. In an earlier statement, Trump said the hack was a political ploy concocted by the Democrats.

Information about the scope of the attacks and the government warnings raises new questions about how long the campaigns have known about the threats and whether they have done enough to protect their systems.

The Clinton campaign was aware as early as April that it had been targeted by hackers with links to the Russian government on at least four recent occasions, according to a person familiar with the campaign’s computer security.

U.S. Inquiries

The U.S. Secret Service, Federal Bureau of Investigation and National Security Agency are all involved in the investigation of the theft of data from the political parties and individuals over the last several months, one of the people familiar with the investigation said. The agencies have made no public statements about their inquiry.

The FBI has been careful to keep that investigation separate from the review of Clinton’s use of private e-mail, using separate investigators, according to the person briefed on the matter. The agencies didn’t immediately respond to requests for comment.

Clinton spokesman Glen Caplin said that he couldn’t comment on government briefings about cyber security and that the campaign had no evidence that its systems were compromised.

“We routinely communicate and cooperate with government agencies on security-related matters,” he said. “What appears evident is that the Russian groups responsible for the DNC hack are intent on attempting to influence the outcome of this election.”

The DNC wouldn’t directly address the attacks but said in a written statement that it believes the leaks are “part of a disinformation campaign by the Russians.”

Trump spokeswoman Hope Hicks didn’t respond to e-mails seeking comment about the government warnings. The Republican National Committee didn’t respond to e-mail messages. A Sanders spokesman, Michael Briggs, said he wasn’t aware of the warnings.

IDing the Hackers

The government’s investigation is following a similar path as the DNC’s, including trying to precisely identify the hackers and their possible motives, according to people familiar with the investigations. The hackers’ link to the Russian government was first identified by CrowdStrike Inc., working for the Democratic Party.

A law firm reviewing the DNC’s initial findings, Baker & McKenzie, has begun working with three additional security firms — FireEye Inc., Palo Alto Networks Inc. and Fidelis Cybersecurity — to confirm the link, according to two people familiar with the matter, underscoring Democrats’ concerns that the stolen information could be used to try to influence the outcome of the November election.

A spokesman for Baker & McKenzie didn’t immediately respond to requests for comment. DNC spokesman Luis Miranda said the party worked only with CrowdStrike.

If the Democrats can show the hidden hand of Russian intelligence agencies, they believe that voter outrage will probably outweigh any embarrassing revelations, a person familiar with the party’s thinking said.

So far the released documents have revealed little that is new or explosive, but that could change. Guccifer 2.0 has threatened to eventually release thousands of internal memos and other documents.

Line of Attack

Sensitive documents from the Clinton Foundation could have the most damaging potential. The Trump camp has said it plans to make the foundation’s activities a subject of attacks against Clinton; the sort of confidential data contained in e-mails, databases and other digital archives could aid that effort.

An analysis by Fidelis confirmed that groups linked to Russian intelligence agencies were behind the DNC hack, according to a published report.

The government fills a crucial gap in flagging attacks that organizations can’t detect themselves, said Tony Lawrence, a former U.S. Army cyber specialist and now chief executive officer of VOR Technology, a computer security company in Hanover, Maryland.

“These state actors spend billions of dollars on exploits to gather information on candidates, and nine times out of ten [victims] won’t be able to identify or attribute them,” he said.

Google Accounts

Bloomberg News reported Friday that the hackers who hit the DNC and Clinton’s campaign burrowed much further into the U.S. political system than initially thought, sweeping in law firms, lobbyists, consultants, foundations and policy groups in a campaign that targeted thousands of Google e-mail accounts and lasted from October through mid-May.

Data from the attacks have led some security researchers to conclude that the hackers were linked to Russian intelligence services and were broadly successful in stealing reports, policy papers, correspondence and other information. Dmitry Peskov, a spokesman for President Vladimir Putin, denied that the Russian government was involved.

Russia uses sophisticated “information operations” to advance foreign policy, and the target audience for this kind of mission wouldn’t be U.S. voters or even U.S. politicians, said Brendan Conlon, who once led a National Security Agency hacking unit.

“Why would Russia go to this trouble? Simple answer — because it met their foreign policy objectives, to weaken the U.S. in the eyes of our allies and adversaries,” said Conlon, now CEO of Vahna Inc., a cyber security firm in Washington. Publishing the DNC report on Trump “weakens both candidates — lists out all the weaknesses of Trump specifically while highlighting weaknesses of Clinton’s security issues. The end result is a weaker president once elected.”

Russia Link

Russia has an expansive cyber force that it has deployed in complex disinformation campaigns throughout Europe, according to intelligence officials.

BfV, the German intelligence agency, has concluded that Russia was responsible for a 2015 hack against the Bundestag that forced shutdown of its computer systems for several days. Germany is under “permanent threat” from Russian hackers, said BfV chief Hans-Georeg Maassen.

Security software maker Trend Micro said in May that Russian hackers had been trying for several weeks to steal data from Chancellor Angela Merkel’s Christian Democratic Union party, and that they also tried to hack the Dutch Safety Board computer systems to obtain an advance copy of a report on the downing of a Malaysian aircraft over Ukraine in July 2014. The report said the plane was brought down by a Russian-made Buk surface-to-air missile.

The cyber attacks are part of a broader pattern of state-sponsored hacking by Russia focused on political targets, with a goal of giving Russia the upper hand in dealing with other governments, said Pasi Eronen, a Helsinki-based cyber warfare researcher who has advised Finland’s Defense Ministry.

 

Islamic State Threatens U.S. Military Bases

Posted on by

S. Korea beefs up security after Islamic State threatens US bases

Stripes: SEOUL, South Korea— The South Korean government said Monday it will step up security measures against potential terrorist threats after U.S. air bases and a South Korean civilian reportedly appeared on a list of targets circulated by a pro-Islamic State group of hackers.

Gen. Vincent Brooks, U.S. Forces Korea commander, and Gen. Lee Soon-jim, of the South Korean joint chiefs of staff, receive a briefing at the Joint Security Area of the Demilitarized Zone Thursday, May 12, 2016. The South Korean government reported Monday that U.S. bases and a South Korean civilian appeared on a list of targets circulated by pro-Islamic State hackers.<br>Kim Gamel/Stars and Stripes

Gen. Vincent Brooks, U.S. Forces Korea commander, and Gen. Lee Soon-jim, of the South Korean joint chiefs of staff, receive a briefing at the Joint Security Area of the Demilitarized Zone Thursday, May 12, 2016. The South Korean government reported Monday that U.S. bases and a South Korean civilian appeared on a list of targets circulated by pro-Islamic State hackers.

U.S. Forces Korea said the alert levels at military installations on the divided peninsula have not changed but stressed it is ready to respond “at any time to any emerging threats.”

Concern was raised over the weekend when South Korea’s state spy agency said Islamic State has called for attacks by revealing the locations of 77 U.S. and NATO air force installations, including Osan and Kunsan air bases, on messaging services. A South Korean employee of a welfare organization also was listed, the agency said.

The list included targets in several countries and was a troubling reminder that South Korea faces possible threats beyond its longtime rival to the north. The two Koreas remain technically at war since the 1950-53 conflict ended in an armistice instead of a peace treaty. Some 28,500 American servicemembers are stationed in the South.

The National Intelligence Service statement warned that “terror against South Korean citizens and foreigners in this country is becoming a reality.”

The spy agency apparently was referring to a so-called kill list released earlier this month by a pro-ISIS hacking group known as the United Cyber Caliphate with the names, addresses and email addresses of more than 8,000 people. It was not clear how or why the individuals were selected.

The group also published satellite images showing U.S. air bases around the world, although the same images can be found on Google Earth, according to Vocativ, a media and technology company that reported on the list on June 8.

NIS said it had told the U.S. military and South Korean military and police agencies to be on guard and to provide sufficient protection for the facilities mentioned by the group.

USFK said it takes the safety of the installations very seriously and remains committed to ensuring the highest degree of security on the peninsula.

“Through constant vigilance and regular exercises with our South Korean counterparts, we remain prepared to respond at any time to any emerging threats,” it said in an emailed statement.

South Korean Prime Minister Hwang Kyo-ahn said Monday that the government will come up with measures to prevent terrorist attacks, the Yonhap news agency reported. He said the nation’s counterterrorism center also will increase investigations and take every possible step to protect the public.

“The Islamic State of Iraq and the Levant has been citing South Korea as a potential target for its attacks since last September,” Hwang was quoted as saying.

 

**** From SCMagazine in April:

Several ISIS hacking groups announced on social media that they have joined forces to form a mega hacking group called United Cyber Caliphate (UCC).

Last week, threat actors in the group posted the names and addresses of 3,602 of the “most important citizens” of #NewYork and #Brooklyn and called for ISIS sympathizers to use the information to carry out lone wolf attacks, according to Techworm.

The list includes about 3,000 ordinary New Yorkers who have no specific ties to the government. The majority of the people on the list live in Manhattan and Brookly and each will receive a visit from the Federal Bureau of Investigations and the NYPD to discuss the issue, according to NBC4 New York.

During the same time, the group reportedly defaced the website of a Michigan church, leaving behind ISIS propaganda as part of a larger campaign using the “#KillCrusaders” hashtag.

UCC also claimed to have launched a cyberattack against the U.S. State Department that resulted in the leaked the data of about 50 employees, and defacement campaigns that targeted multiple Australian websites and the Russian Federal Customs Service.

The group also took credit for an attack that leaked the data of 18,000 Saudi Ministry of Defense and Aviation employees.

Update 4/27: UCC this week published a new kill list featuring names linked to the U.S. State Department, the DHS and other federal agencies, according to a report from Vocativ.

Demand the Pen and Phone for the Alien Enemies Act

Posted on by

 

   

8 Terror Attacks in Almost 8 Years: America Has Averaged One Terror Attack a Year Under Obama’s Watch

NYPost: America has now averaged one serious Islamic terrorist attack a year on President Obama’s watch, yet he still insists the threat from radical Islam is overblown and that he’s successfully protecting the nation.

If only hubris could be weaponized!

In the wake of Omar Mateen’s Orlando massacre, Obama whined about growing criticism of his terror-fighting strategy. But boy, does he deserve it. His record on terrorism is terrible, and Hillary Clinton should have a tough time defending it.

Here we are in the eighth year of his presidency, and the nation has now suffered eight significant attacks by Islamist terrorists on US soil or diplomatic property — an average of one attack a year since Obama’s been in office, with each new attack seemingly worse than the last.

And there’s six long months left to go.

Obama said Orlando “marks the most deadly shooting in American history.” Actually, it was the second-worst act of Islamic terrorism in American history, replacing in six short months the San Bernardino massacre as the deadliest terrorist attack on US soil since 9/11.

Here are the previous seven:

December 2015: Syed Farook and Tashfeen Malik, a married Pakistani couple, stormed a San Bernardino County government building with combat gear and rifles and opened fire on about 80 employees enjoying an office Christmas party. They killed 14 after pledging loyalty to ISIS. A third Muslim was charged with helping buy weapons.

July 2015: Mohammad Abdulazeez opened fire on a military recruiting center and US Navy Reserve center in Chattanooga, Tenn., where he shot to death four Marines and a sailor. Obama refused to call it terrorism.

May 2015: ISIS-directed Muslims Nadir Soofi and Elton Simpson opened fire on the Curtis Culwell Center in Garland, Texas, shooting a security guard before police took them down.

April 2013: Dzhokhar and Tamerlan Tsarnaev, Muslim brothers from Chechnya, exploded a pair of pressure-cooker bombs at the Boston Marathon, killing three and wounding more than 260. At least 17 people lost limbs from the shrapnel.

September 2012: Terrorists with al Qaeda in the Maghreb attacked the US Consulate in Benghazi, Libya, killing the US ambassador, a US Foreign Service officer and two CIA contractors. Obama and then-Secretary of State Clinton misled the American people, blaming the attack on an anti-Muslim video.

November 2009: Army Maj. Nidal Hasan opened fire on fellow soldiers at Fort Hood, Texas, killing 13. Obama ruled it “workplace violence,” even though Hasan was in contact with an al Qaeda leader before the strikes and praised Allah as he mowed down troops.

June 2009: Al Qaeda-trained Abdulhakim Muhammad opened fire on an Army recruiting office in Little Rock, Ark., killing Pvt. William Long and wounding Pvt. Quinton Ezeagwula.

So there you have it — an average of one serious terror strike against the United States every year on Obama’s watch. And we’re not even counting the underwear bomber, Times Square bomber, Fed Ex bombs and other near-misses.

History will not be kind to this president’s record.

When he came into office, Obama vowed to defeat terrorism using “all elements of our power”: “My single most important responsibility as president is to keep the American people safe. It’s the first thing that I think about when I wake up in the morning. It’s the last thing that I think about when I go to sleep at night.”

But it soon became clear he wasn’t serious.

In June 2009, Obama traveled to Cairo to apologize to Muslims the world over for America’s war on terror. Then he canceled the war and released as many terrorists as he could from Gitmo, while ordering the FBI and Homeland Security to delete “jihad” and other Islamic references from their counterterrorism manuals and fire all trainers who linked terrorism to Islam, blinding investigators to the threat from homegrown jihadists like Mateen.

Obama also stopped a major investigation of terror-supporting Muslim Brotherhood front groups and radical mosques, while opening the floodgates to Muslim immigrants, importing more than 400,000 of them, many from terrorist hot spots Syria, Iraq, Somalia, Saudi Arabia and Pakistan.

Attack after attack, the president has ridiculously maintained that global warming is a bigger threat than global terrorism. Americans are fed up. Even before San Bernardino and Orlando, polls showed Obama was widely viewed as soft on Islamist terrorists. He has an absolutely awful record keeping us safe from terrorism.

And this is the security mantle Hillary is so proud to inherit? Good luck with that.

Paul Sperry is author of “Infiltration: How Muslim Spies and Subversives Have Penetrated Washington” and “Muslim Mafia: Inside the Secret Underworld That’s Conspiring to Islamize America.”

***** Now for the human dimension to protect the homeland.

Obama has the authority to use his pen and phone on two options, declare a presidential proclamation or apply the law, The Alien Enemies Act. This can only be done during a time of war, such that the United States remains in a war since 2001. There is no question that the battlefields have remained the same while additional areas of hostilities have been added. The enemy is dynamic and has moved for at least a decade and the terror soldiers wear no flag patch of loyalty to a country but rather to a militant Islamic doctrine. Former President George W. Bush using all the legal and historical experts was correct in using the term ‘enemy combatant’.

As noted above, in the last 8 years, enemy combatants have brought the war, the hostilities and death to the homeland. This is the time for the sitting president to apply his authority which would provide more aggressive actions be taken by all law enforcement and investigative agencies in the United States asserting a higher level of protection. To not do so, is reckless, antithetical to his oath and to all the others that pledge the same oath. The United States is in a national security crisis and it must be declared. Consider, this is not just about the homeland, all foreign locations such as diplomatic posts or embassies are part of U.S. sovereign land where any location that is attack would also require presidential action.

The Alien Enemies Act is still on the books today, such that it is extraordinary that no one in Congress has in fact demanded it be applied. There are those that walk among us in this nation that are from and loyal to hostile nations.

Related reading:  Proclamation 2685–Removal of alien enemies

Related reading: Truman, Proclamation 2685

Related reading: Executive Order 9066

While this summary could be considered rhetorical, nonetheless it is real and this is our mission, our battle to win or lose.

SECTION 1. Be it enacted by the Senate and the House of Representatives of the United States of America in Congress assembled, That it shall be lawful for the President of the United States at any time during the continuance of this act, to order all such aliens as he shall judge dangerous to the peace and safety of the United States, or shall have reasonable grounds to suspect are concerned in any treasonable or secret machinations against the government thereof, to depart out of the territory of the United Slates, within such time as shall be expressed in such order, which order shall be served on such alien by delivering him a copy thereof, or leaving the same at his usual abode, and returned to the office of the Secretary of State, by the marshal or other person to whom the same shall be directed. And in case any alien, so ordered to depart, shall be found at large within the United States after the time limited in such order for his departure, and not having obtained a license from the President to reside therein, or having obtained such license shall not have conformed thereto, every such alien shall, on conviction thereof, be imprisoned for a term not exceeding three years, and shall never after be admitted to become a citizen of the United States. Read the full Act here.

Facts on TWO Lists, Watch List and Terror List

Posted on by

   

Most Wanted Terrorists

Select the images of suspected terrorists to display more information.

JABER A. ELBANEH

 

How Does the FBI Watch List Work? And Could It Have Prevented Orlando?

Wired:  OF ALL THE details investigators have uncovered about Orlando terrorist Omar Mateen, perhaps the most infuriating is the fact that he spent 10 months on a government watch list, yet had no trouble buying an assault rifle and a handgun.

Authorities placed Mateen on a watch list in May 2013 after coworkers at the Florida courthouse where he was a security guard told authorities he boasted of connections to al Qaeda and other terrorists organizations. He remained on the list for 10 months, and FBI Director James Comey told reporters this week that during that time the agency placed Mateen under surveillance and had confidential sources meet with him.

But the feds removed Mateen from the list in March 2014, after concluding that he had no significant links to terrorism beyond attending the same mosque as an American suicide bomber who died in Syria. “We don’t keep people under investigation indefinitely,” Comey said, adding that he doesn’t see anything that his agents should have done differently.

Comey didn’t identify the list Mateen was on, but an unnamed official told the Daily Beast that he was in two databases, the Terrorist Identities Datamart Environment database and the Terrorist Screening Database, more commonly called the terrorist watch list.

Here’s a look at what the lists are and how someone gets their name on one.

What is the Terrorist Watch List?
The Terrorist Screening Database was created in 2003 by order of a Homeland Security Presidential Directive. The database includes the names and aliases of anyone known to be, or reasonably suspected of being, involved in terrorism or assisting terrorists through financial aid or other ways. The federal Terrorist Screening Center maintains the database, and an array of government agencies nominate people to it through the National Counter Terrorism Center.

Some of the information in the database originates with the Terrorist Identities Datamart Environment, also called TIDE. That list contains classified data collected by intelligence agencies and militaries worldwide, but anything passed on to the terrorist watch list is first scrubbed of classified info. In 2013, TIDE had 1.1 million names in it.

The State Department checks all visa applicants against the watch list. The TSA’s No-Fly list and Selectee List, which identifies people who warrant additional screening and scrutiny at airports and border crossings, are also derived from the watch list. But it is most often used by law enforcement agencies at all levels to check the identity of anyone arrested, detained for questioning, or stopped for a traffic violation. The FBI calls it “one of the most effective counterterrorism tools for the US government.”

Entries in the database are coded according to threat level to provide law enforcement with instructions on what to do when they encounter a suspected terrorist who is on the list. According to a 2005 inspector general report (.pdf), of some 110,000 records in the database that the IG reviewed, 75 percent of them were given handling code 4, considered the lowest level, and 22 percent were given handling code 3. Only 318 records had handling codes 1 or 2. A description of what each level means is redacted in the publicly released version of the document, but a note indicates that people are usually given code 4 when they are either just an associate of a suspected terrorist and therefore may not pose a threat or if there is too little information known about the individual to categorize them at a higher level.

Appearing in the database doesn’t mean you’ll be arrested, denied a visa, or barred from entering the country. But it does mean your whereabouts and any other information gleaned from, say, a traffic stop, will be added to the file and scrutinized by authorities.

What’s the Criteria for Getting on the Watch List?
According to a 2013 watch list guideline produced by the Terrorist Screening Center and obtained by The Intercept, engaging in terrorism or having a direct connection to a terrorist organization is not necessary for inclusion on the list. Parents, spouses, siblings, children and “associates” of a suspected terrorist can appear on the list without any suspicion of terrorist involvement. “Irrefutable evidence” of terrorist activity and connections is also not necessary, the document states. Reasonable suspicion is sufficient, though this isn’t clearly defined.

“These lists are horribly imprecise,” a former federal prosecutor, who asked to remain anonymous, told WIRED. “They are based on rumor and innuendo, and it’s incredibly easy to get on the list and incredibly difficult to get off the list. There’s no due process for getting off the list.”

The guidelines also reveal that the Assistant to the President for Homeland Security and Counterterrorism can temporarily authorize placing entire “categories” of people on to the No-Fly and Selectee lists based on “credible intelligence” that indicates a certain category of individuals may be used to conduct an act of terrorism.

“Instead of a watch list limited to actual, known terrorists, the government has built a vast system based on the unproven and flawed premise that it can predict if a person will commit a terrorist act in the future,” Hina Shamsi, head of the ACLU’s National Security Project, told The Intercept. “On that dangerous theory, the government is secretly blacklisting people as suspected terrorists and giving them the impossible task of proving themselves innocent of a threat they haven’t carried out.”

What Is the No-Fly List?
This narrower list, derived from the terrorist watch list, includes people who haven’t done anything to warrant being arrested, yet the government deems too dangerous to allow onto commercial aircraft. Mateen reportedly did not appear on this list. The list included 2,500 individuals when Homeland Security chief Michael Chertoff released the tally for the first time in 2008. Six years later, Christopher Piehota, director of the Terrorist Screening Center, told a House subcommittee it had 64,000 names on it. That sounds like a lot, but the list includes dead people and multiple versions of names.

The No-Fly list is also notorious for ensnaring the innocent whose names resemble those of suspected terrorists. Senator Ted Kennedy, for example, was repeatedly prevented from boarding planes because his name matched that of someone on the list.

What Kind of ‘Terrorist Activity’ Gets You on the Terrorist Watch List?
Obvious things like using or possessing weapons of mass destruction will land you on the terrorist watch list. So will committing violence at an international airport, or engaging in arson or other types of destruction of government property if it’s done to intimidate, coerce, or influence people or government policy. But computer hacking can also get you included if it damages a computer used for interstate or foreign commerce or ones that are used by a financial institution or the government, if the hack was intended to influence people or policy.

Just as there are those on the list who shouldn’t be, so too are there people who don’t make it onto the list who should. Umar Farouk Abdul Mutallab, the so-called “underwear bomber” who attempted to detonate explosives aboard a flight from Europe in 2009, wasn’t on the terrorist or No-Fly lists, even though his father alerted the US embassy in Nigeria to his radicalization. He did appear in the TIDE database, but because that information is classified, it didn’t make it to the No-Fly list or the Amsterdam airport where he boarded his flight.

A 2007 inspector general’s audit of the terrorist watch list found that in 15 percent of terrorism cases the inspector’s office reviewed, the FBI failed to add suspects in the cases to the list.

Can Someone on the List Buy a Gun from a Federally Licensed Seller?
Appearing on the terrorist watch list wouldn’t necessarily prevent someone from purchasing a gun; it simply means law enforcement is alerted if you apply to purchase a weapon. So even if he’d been included on the list at the time he bought his weapons, Mateen would still have had no trouble purchasing his Sig Sauer MCX rifle and Glock 17 handgun.

There are ten criteria, however, that do prevent people, whether they’re on the terrorist watch list or not, from buying firearms from a licensed seller. They include a felony conviction, being an undocumented immigrant and being deemed mentally unstable by a court.

Government Accountability Office data recently released to California Democratic Senator Dianne Feinstein indicate that 2,477 people on the watch list attempted to buy a firearm between February 2004 (when authorities started checking gun sale purchases against the list) and the end of 2015. Of those, 2,265 of the transactions were allowed.

Feinstein proposed legislation last year to prevent known or suspected terrorists on the watch list from obtaining a gun license or buying a weapon from a licensed seller. The Senate rejected the proposal one day after the San Bernadino attack, but Feinstein said she hopes the Orlando massacre will give the bill new life. This week, Senate Democrats filibustered until Republicans agreed to consider such legislation.

But barring anyone on the list from buying a gun can create a different problem. “If you prevent people on the list from buying a weapon, then an attempt to buy the weapon can alert the person that they’re on the list,” the former prosecutor told WIRED. “So you’re aiding the terrorist [with that information].”

 

How Many People Are on the Terrorist Watch List?
The exact number is unclear because the list includes many aliases and variations of names, and officials often confuse the number of names that are on the list and the number of unique individuals that are on it. In 2011, for example, more than 1 million names appeared on the list, but just 400,000 of these represented unique individuals. In 2014, the Terrorist Screening Center’s Piehota told lawmakers the list included 800,000 names.

About 99 percent of names nominated to the list each year are accepted, and the number of nominations grows annually. In 2009, authorities nominated 227,932 known or suspected terrorists. In 2013, the number reached nearly 469,000.

Most of the people on the watch list are not US citizens; placing a citizen or permanent US resident on the list is supposed to require a higher standard, such information “from sources of known reliability or where there exists additional corroboration or context supporting reasonable suspicion,” according to the guidelines The Intercept obtained.

How Do You Get Off the Terrorist Watch List or No-Fly List?
This remains a source of great controversy. People on these lists rarely know how or why they landed there, and the process of removal can be convoluted. In 2007, the Department of Homeland Security created a redress program through which people can challenge their inclusion on the No-Fly list. It works well enough for anyone mistakenly added to the list, but provides little help to those whom the government says are on the list for legitimate reasons but won’t disclose the reasons.

The FBI will remove people from the terrorist watch list after closing an investigation that failed to uncover terrorist activity or connections. This is exactly what happened to Mateen, which has angered some officials. “The only way you should get off the list is if they no longer believe you’re a threat,” Senator Lindsey Graham said during a Capitol Hill briefing after the Orlando shooting. “It should have nothing to do with not being able to prove a crime.”

But the FBI was simply following procedure when it dropped Mateen from the watch list, after being criticized in the past for not promptly removing people when cases get closed. An inspector general’s report in 2007 found that the FBI failed to remove names in a timely manner in 72 percent of the cases the Bureau closed for lack of evidence. A 2009 audit found that the situation had not improved, prompting lawmakers like Vermont Democratic Senator Patrick Leahy to criticize the Bureau.

 

The bigger question then, is not why was Mateen removed from the list, but why did the FBI close its investigation of him prematurely? “To me, there was enough here to keep it in some sort of a status,” New York Republican Representative Peter King said during the Capitol Hill briefing this week.

But with so many suspects on the watch list, authorities must be judicious in choosing which ones to pursue. “Our work is very challenging,” Comey said this week. “We are looking for needles in a nationwide haystack. But we’re also called upon to figure out which pieces of hay might someday become needles.”

There is no specific criteria guiding when to close a case related to the terrorist watch list. “It’s a judgment call,” says the former prosecutor. “It depends on the seriousness of the allegations and the result of the investigation. It’s [a matter of whether an] investigator is convinced, more than anything else, that ‘We better keep looking at this guy.’”

In the case of Mateen, investigators surveilled him, looked into his background, and performed a “dangle,” the former prosecutor says. That’s when a confidential informant meets with a suspect. “They feel the guy out to try to figure out if he’s real or if he’s just all talk,” he says. They may do this by asking if he’s interested in purchasing weapons or materials to make a bomb. “They may try the dangle operation two or three times, and if he shows no genuine interest in activity, if he doesn’t take the bait, then they say after a period of time, we’ve got no reason to believe this person is something other than an angry young man … and they close the investigation.”

Still, a case is never truly closed. Authorities can re-open it if something piques their interest—like say, a suspect buying weapons. That would have been sufficient to get Mateen back on the FBI’s radar. But because he wasn’t on the watch list, the FBI didn’t know what he was up to. And that’s what lawmakers are saying they want to fix.